专家政策范围未正确实施

Question

I have a model called Referral Request and associated table and views. I have three user roles defined using enums:

  enum role: { staff: 0, clinician: 1, admin: 2 }

Staff users belong to universities, and universities have many staff users. My intention in many parts of my application is to use pundit policies to only show staff users records that are associated with other users from their university. I am trying to do that for referral requests for example, but I have something configured incorrectly, because it shows any given user all referral requests regardless of whether they were created by another user who belongs to their university or not. What am I doing wrong?

Referral Request Policy:

class ReferralRequestPolicy < ApplicationPolicy
  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user  = user
      @scope = scope
    end

    def resolve
      if user.admin?
        scope.all
      else
        scope.joins(:user).merge(User.where(university: user.university))
      end
    end
  end

def index?
  user.staff? or user.admin?
end
end

Referral Request Model:

class ReferralRequest < ApplicationRecord
  belongs_to :user, -> { where role: :staff }
  belongs_to :patient
  has_many :dispatches
  has_many :clinicians, through: :dispatches
  has_and_belongs_to_many :languages
  has_and_belongs_to_many :races
  has_and_belongs_to_many :genders
  validates :user_id, presence: true
  enum status: { created: 0, sent: 1, shared: 2, closed_under_care: 3, closed_not_seeking_care: 4, closed_unresponsive: 5 }
end

staff user concern:

require 'active_support/concern'

module StaffUser
  extend ActiveSupport::Concern

  included do
    belongs_to :university
    has_many :patients
    has_many :referral_requests
    validates :university_id, presence: true, if: :staff?
  end

  class_methods do
  end
end

University Model

class University < ApplicationRecord
  has_many :staffs, -> { where role: :staff}, class_name: "User"
  has_many :clinicians, through: :lists
  has_many :whitelists
  belongs_to :market

  validates :market_id, presence: true
end

Answer 1

I forgot to change my index action in my Referral Requests Controller. This resolved it. Details.

def index
        @referral_requests = policy_scope(ReferralRequest)
    end